Frank Washkuch Jr.
May 11, 2006

New worm hoots at users

With one new malware in the wild, the early bird is the worm.

Researchers at Sophos are warning PC users about the W32/Hoots-A worm, which sends a picture of an owl to attached network printers.

The unusual malware is written in Visual Basic and spreads through network shares, according to a company advisory.

Once installed on a network, the worm sends a picture of an owl with the words "O RLY?" to a number of print queues.

Graham Cluley, senior technology consultant, said the malware is most likely the work of an amateur.

"This isn’t the work of a professional virus writer. Most malware authors these days encrypt their executables with packers in an attempt to make them harder to detect, this one does not," he said. "It is also written in Visual Basic, which is unusual for a virus today. But the smoking gun is that the worm has hardcoded within it the specific network paths to almost 40 different printers. It appears this malware was written for a specific organization, by someone who had inside knowledge of their IT infrastructure."

"Why the author should want to print out pictures of an owl is, of course, anybody’s guess," said Cluley.

The firm noted that it had so far only received reports of the worm from one company. 

Related Articles

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.